Computer implemented method and system for generating a one time password

ABSTRACT

This technology provides methods, non-transitory computer readable medium and apparatuses that generate a One Time Password (OTP) such that no hardware token is used. The technology uses functions and parameters generated by the server and transmitted to the client machine. The server generates a token for each session and cyclic groups G1 and G2 of elements, and sends these to the client machine. The client generates a first OTP using a predefined function on the token and the hash value of the user password, such that retrieving the hash value of the password from the first OTP is a discrete log problem. A second OTP is generated using a bilinear mapping on the first OTP and an element of G1, such that generating the first OTP from the second OTP is a bilinear inverse problem.

This application claims the benefit of Indian Patent Application Filing No. 147/CHE/2012, filed Jan. 13, 2012, which is hereby incorporated by reference in its entirety.

FIELD

The present invention relates to methods, non-transitory computer readable medium and apparatuses that generate a One Time Password (OTP). More specifically, it relates to using at least one non-degenerate function to generate an OTP without using any hardware tokens, and to securing the generated OTP by the discrete log problem and the bilinear inverse problem.

BACKGROUND

A One Time Password (OTP) is a password used for only one session or transaction. After the expiry of the session, the OTP also expires, or it gets timed out after a preset time. The use of an OTP provides user security: even if an OTP is hacked, it cannot be used after expiry of the session.

There exist various methods for generating an OTP. Typically, they are related to using the original user password and generating a random number using some function. Most of these processes also involve using hardware tokens. The same process is also applied at the server. A user is provided with the generated OTP at the client machine. The user enters the OTP, which goes to the server for authentication. The server, having done the same calculation over the user password, authenticates the user.

Any unauthorized access to the OTP may not be useful, because of the limited time for which the OTP stays valid. If the OTP is retrieved, and the function used to create the OTP is also available, reverse engineering is required to get the user password. Most such functions may not be very strong. Hence, an unauthorized user can reverse engineer the OTP to get the password.

Accordingly, a stronger system is needed to generate the OTP, one which uses one or more stronger functions that require a big turnaround time for reverse engineering.

SUMMARY

A method for generating a one time password (OTP) comprises installing a DLL file at a client and capturing user credentials at the client. The user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from the server. A first OTP (Q1) is generated using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password. A second OTP (Q2) is generated using the installed DLL file. The DLL file uses the first OTP (Q1) and an element (N) belonging to one of the plurality of parameters. One of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

A method for generating a one time password (OTP) in a handheld device comprises installing a client application at a handheld device. User credentials are captured at the client handheld device, wherein the user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from a server. A first OTP (Q1) is generated using the installed client application, the client application using the token (s) and a hash value (H) of the password. A second OTP (Q2) is generated using the installed client application. The client application uses the first OTP and an element (N) belonging to one of the plurality of parameters. One of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

The method for generating a one time password (OTP), wherein the method comprises generating a first and a second cyclic group (G1, G2) of elements at a server, the first and second group being of a predefined order, and capturing user credentials, wherein the user credentials comprise a user name and a password (P). A token (s) for one session, and the first and second group of elements (G1 and G2), are received from the server. A predetermined function is selected for generating a first OTP (Q1) from the token (s) and a hash value (H) of the password, Q1 = sH, the first OTP (Q1) and the token being elements of the first group (G1), and generating H from Q1 being a discrete log problem. A bilinear mapping (ê) is selected for generating a second OTP (Q2) using the first OTP (Q1) and an element (N) of G1, the second OTP being an element of the second group (G2), and generating Q1 back from Q2 being a bilinear inverse problem. One of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

A One Time Password (OTP) generation apparatus comprises a memory coupled to one or more processors which are configured to execute programmed instructions stored in the memory, comprising installing a DLL file at a client and capturing user credentials at the client, wherein the user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from the server. A first OTP (Q1) is generated using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password, the token (s) being made public. A second OTP (Q2) is generated using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of the cyclic group G1. One of the first OTP or the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

A One Time Password (OTP) generation apparatus comprises a memory coupled to one or more processors which are configured to execute programmed instructions stored in the memory, comprising installing a client application at a client handheld device and capturing user credentials at the client handheld device, wherein the user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from a server. A first OTP (Q1) is generated using the installed client application, the client application using the token (s) and a hash value (H) of the password. A second OTP (Q2) is generated using the installed client application, the client application using the first OTP and an element (N) of one of the plurality of parameters. One of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

A non-transitory computer readable medium having stored thereon instructions for generating a One Time Password (OTP), comprising machine executable code which, when executed by at least one processor, causes the processor to perform steps including installing a DLL file at a client from the server and capturing user credentials at the client, wherein the user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from the server. A first OTP (Q1) is generated using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password. A second OTP (Q2) is generated using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters. One of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

A non-transitory computer readable medium having stored thereon instructions for generating a One Time Password (OTP), comprising machine executable code which, when executed by at least one processor, causes the processor to perform steps including installing a client application at a client handheld device and capturing user credentials at the client machine, wherein the user credentials comprise a user name and a password (P). A token (s) and a plurality of parameters are received from the server. A first OTP (Q1) is generated using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password. A second OTP (Q2) is generated using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 is a flowchart describing in brief the process of an example of the instant invention;

FIG. 2 is an example of the procedure of the instant invention;

FIG. 3 is a block diagram of an example of a system of the instant invention; and

FIG. 4 describes the basic computer program structure where an example of the instant invention can be implemented.

DETAILED DESCRIPTION

The following description is a full and informative description of the best method and system presently contemplated for carrying out the present invention, as known to the inventors at the time of filing the patent application. Of course, many modifications and adaptations will be apparent to those skilled in the relevant arts in view of the following description, the accompanying drawings and the appended claims. While the system and method described herein are provided with a certain degree of specificity, the present technique may be implemented with either greater or lesser specificity, depending on the needs of the client. Further, some of the features of the present technique may be used to advantage without the corresponding use of other features described in the following paragraphs. As such, the present description should be considered as merely illustrative of the principles of the present technique and not in limitation thereof, since the present technique is defined solely by the claims.

The following description is presented to enable a person of ordinary skill in the art to make and use the invention and is provided in the context of the requirement for obtaining a patent. The present description is the best presently contemplated method for carrying out the present invention. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art, and the generic principles of the present invention may be applied to other embodiments, and some features of the present invention may be used without the corresponding use of other features. Accordingly, the present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein.

The present invention provides a method for generating a one-time password (OTP) such that the OTP is strong and cannot be processed to get the user password, even if the OTP is accessed through unauthorized means. For this purpose, an example of the present invention uses discrete exponentiation functions and/or bilinear mapping to generate the OTP. The user password is used as one of the parameters of the above functions to generate the OTPs. Additional parameters may also be used in an example, as explained in detail in the following paragraphs.

FIG. 1 is a flowchart describing in brief the process of an example of the instant invention. In one embodiment of the present invention, a client machine uses a DLL file that has all processes for generating the OTP. The server sends a DLL file to be installed at the user machine (101). It should be noted that these are inbuilt functions within the server. The user enters the username and password for authentication (102). This user password is not transmitted to the server. Instead, an OTP to be sent to the server is created so that the user password cannot be accessed by unauthorized users. For creating the OTP, the server sends one or more parameters to the client machine, and the functions stored in the DLL use these parameters (103). In an embodiment of the present invention, only one OTP is generated and transmitted to the server (104). In another embodiment, a second OTP is generated using the first OTP, and only the second OTP is transmitted to the server (105). It should be understood that the functions used for generating the OTP are such that even if an unauthorized user is able to access the OTP and the functions used, the process to get the user password will have a very big turnaround time.

In an example, by using the inbuilt functions, the server generates a first and/or second OTP using the password stored with it. Thus the user is authenticated.

FIG. 2 describes an example of the implementation of the process of the invention. The means of implementation of the process are first provided in the machine where the user logs in. In one embodiment, the process is implemented at a client machine. Such a client machine may be a desktop computer, a laptop computer, a kiosk, an ATM and the like. In another embodiment, the process is implemented at a handheld device. Such a handheld device may include a mobile device, pager device, PDA, tablet, and other such handheld electronic devices.

In an embodiment, a DLL file is installed at the client machine. The DLL file includes all functionalities required for the working of the present invention. In another embodiment, an application configured for a handheld electronic device is installed at the client handheld electronic device. This application has the various functionalities required for the working of the present invention.

For the generation of the OTP, in one embodiment, the user provides his login credentials at the client machine or the client handheld device (203). In an example, the user credentials include username and user password.

In an example, the invention uses a set of parameters and functions to be applied to the user password. In an embodiment, one set of such parameters includes two cyclic groups, G1 and G2, of elements. These groups are of order ‘n’. In an embodiment, these groups are generated at the server. The server also generates a token ‘s’ for each session. These parameters are then transmitted to the client, a copy being saved at the server (204).

The above parameters are used to generate the OTP. In an embodiment, the present invention generates two OTPs using two different functions. For the first OTP (Q1), in one embodiment, the invention uses a predefined function (205). The function is applied over the hash value of the user password (H) and the token (s): Q1 = sH. It should be noted that since the token (s) is different for every session, Q1 is different for each session. Hence, it is a ‘One Time Password’. For the next user session, the server creates a new token (s), and hence Q1 is also different.

The first OTP (Q1) and the token (s) are elements of the cyclic group G1. In one embodiment, the first OTP (Q1) is sent to the server for user authentication. In an example, a discrete exponentiation function is used to generate the first OTP.

Even if the first OTP Q1 and the token (s) are retrieved through unauthorized access, retrieving the hash value of the user password is a discrete log problem.

The server has the user password previously stored in its database from when it was generated. The server is also aware of the function used to generate the first OTP. The server retrieves the token (s) for the particular session and generates an OTP using the same function over the hash value of the password and the token. Then, the OTP received from the client and the OTP generated at the server are compared. If they match, the user is authenticated.

In another embodiment, a second OTP (Q2) is generated using the first OTP Q1 and a bilinear mapping (ê) (206),

Q2 = ê(Q1, N)

Q2 ∈ G2, N ∈ G1

The bilinear mapping uses an element (N) of G1, and Q1. The second OTP Q2 is an element of the cyclic group G2.

As mentioned above, since Q1 is different for every session, Q2 accordingly also differs for each session, and is hence a ‘One Time Password’.

The second OTP Q2 is transmitted to the server (207). If Q2 is retrieved by unauthorized access, reverse calculating the bilinear mapping to get Q1 is a bilinear inverse problem. Consequently, generating the hash value of the user password from Q1 is a discrete log problem. Further, retrieving the user password from the hash value of the user password has a huge turnaround time.

Therefore, according to the present invention, Q1 and Q2 are very strong OTPs, and the user password is very strongly protected.
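The two-stage OTP described above, Q1 = sH in G1 followed by Q2 = ê(Q1, N) in G2, as a worked example. This is an added, self-contained Python implementation, not code from the patent or its assignee. It assumes: G1 is the order-71 subgroup of the supersingular curve y^2 = x^3 + x over F_283 (toy parameters chosen so the arithmetic is readable; they provide no real security), "sH" is read as the scalar multiple of the token point s by the password hash H, ê is the reduced Tate pairing composed with the distortion map (x, y) → (−x, i·y), H is SHA-256 of the password reduced into [1, 70], and the server keeps H (rather than the password itself) so that it can recompute Q1 for verification. The names OTPServer, client_otps, find_generator and the one-use session bookkeeping are this example's own.

```python
"""Added example (not the patent's code): the two-stage OTP on a toy pairing-friendly curve.
G1 = order-71 subgroup of E: y^2 = x^3 + x over F_283 (283 = 3 mod 4, #E = 284 = 4*71),
G2 = 71st roots of unity in F_{283^2}, ê = reduced Tate pairing with a distortion map.
Parameters are illustrative only and offer no real security."""
import hashlib
import secrets

P_MOD, R_ORDER, COFACTOR = 283, 71, 4

# F_{p^2} elements are pairs (a, b) meaning a + b*i with i^2 = -1 (valid since p = 3 mod 4).
def f2_add(u, v): return ((u[0] + v[0]) % P_MOD, (u[1] + v[1]) % P_MOD)
def f2_sub(u, v): return ((u[0] - v[0]) % P_MOD, (u[1] - v[1]) % P_MOD)
def f2_mul(u, v): return ((u[0]*v[0] - u[1]*v[1]) % P_MOD, (u[0]*v[1] + u[1]*v[0]) % P_MOD)
def f2_inv(u):
    n = pow(u[0]*u[0] + u[1]*u[1], -1, P_MOD)      # conjugate divided by the norm
    return ((u[0]*n) % P_MOD, (-u[1]*n) % P_MOD)
def f2_pow(u, e):
    acc = (1, 0)
    while e:
        if e & 1: acc = f2_mul(acc, u)
        u, e = f2_mul(u, u), e >> 1
    return acc

# Curve points are (x, y) with x, y in F_{p^2}; None is the point at infinity O.
def _slope(t, u):
    if t == u:                                      # tangent: (3x^2 + 1) / (2y)
        return f2_mul(f2_add(f2_mul((3, 0), f2_mul(t[0], t[0])), (1, 0)), f2_inv(f2_mul((2, 0), t[1])))
    return f2_mul(f2_sub(u[1], t[1]), f2_inv(f2_sub(u[0], t[0])))

def ec_add(t, u):
    if t is None: return u
    if u is None: return t
    if t[0] == u[0] and (t[1] != u[1] or t[1] == (0, 0)): return None   # u == -t
    lam = _slope(t, u)
    x3 = f2_sub(f2_sub(f2_mul(lam, lam), t[0]), u[0])
    return (x3, f2_sub(f2_mul(lam, f2_sub(t[0], x3)), t[1]))

def ec_mul(k, pt):
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def miller_line(t, u, q):
    """(numerator, denominator) of one Miller step: the line through t and u evaluated
    at q, over the vertical line through t + u evaluated at q."""
    if t[0] == u[0] and (t[1] != u[1] or t[1] == (0, 0)):
        return f2_sub(q[0], t[0]), (1, 0)           # vertical line, t + u = O
    lam = _slope(t, u)
    num = f2_sub(f2_sub(q[1], t[1]), f2_mul(lam, f2_sub(q[0], t[0])))
    return num, f2_sub(q[0], ec_add(t, u)[0])

def tate_pairing(p, q):
    """Reduced Tate pairing f_{r,p}(q)^((P^2 - 1)/r): Miller loop over the bits of r."""
    f, t = (1, 0), p
    for bit in bin(R_ORDER)[3:]:
        num, den = miller_line(t, t, q)
        f, t = f2_mul(f2_mul(f, f), f2_mul(num, f2_inv(den))), ec_add(t, t)
        if bit == "1":
            num, den = miller_line(t, p, q)
            f, t = f2_mul(f, f2_mul(num, f2_inv(den))), ec_add(t, p)
    return f2_pow(f, (P_MOD * P_MOD - 1) // R_ORDER)

def pairing(p, q):
    """ê: G1 x G1 -> G2, applying the distortion map (x, y) -> (-x, i*y) to the second point."""
    return tate_pairing(p, (f2_sub((0, 0), q[0]), f2_mul((0, 1), q[1])))

def find_generator():
    """Deterministic generator of G1: the first x with x^3 + x a square, times the cofactor."""
    for x in range(1, P_MOD):
        rhs = (x**3 + x) % P_MOD
        if pow(rhs, (P_MOD - 1) // 2, P_MOD) == 1:          # Euler's criterion
            g = ec_mul(COFACTOR, ((x, 0), (pow(rhs, (P_MOD + 1) // 4, P_MOD), 0)))
            if g is not None:
                return g
    raise RuntimeError("no point of order R_ORDER found")

def hash_password(password):
    """H: SHA-256 of the password reduced to a non-zero scalar mod r (this example's choice)."""
    return int.from_bytes(hashlib.sha256(password.encode()).digest(), "big") % (R_ORDER - 1) + 1

class OTPServer:
    """Server side: keeps H per user and (s, N) per session; verifies Q1 or Q2 by recomputation."""
    def __init__(self, users):
        self.g = find_generator()
        self.users = {name: hash_password(pw) for name, pw in users.items()}
        self.sessions = {}
    def new_session(self, user, session_id):
        s = ec_mul(secrets.randbelow(R_ORDER - 1) + 1, self.g)    # fresh per-session token, public
        n = ec_mul(secrets.randbelow(R_ORDER - 1) + 1, self.g)    # the element N of G1
        self.sessions[session_id] = (user, s, n)
        return s, n
    def verify(self, session_id, otp, second=False):
        sess = self.sessions.pop(session_id, None)                # a session is consumed on first use
        if sess is None:
            return False
        user, s, n = sess
        expected = ec_mul(self.users[user], s)                    # Q1 = H*s
        if second:
            expected = pairing(expected, n)                       # Q2 = ê(Q1, N)
        return otp == expected

def client_otps(password, s, n):
    """Client side (the DLL / handheld application of the patent): Q1 = H*s, Q2 = ê(Q1, N)."""
    q1 = ec_mul(hash_password(password), s)
    return q1, pairing(q1, n)
```

The bilinearity that the block relies on also makes one consequence of the design explicit: ê(Q1, N) = ê(Hs, N) = ê(s, N)^H, so where s and N are public, the second OTP ties H to a discrete logarithm in G2 (here a subgroup of F_{p^2}) as well as to the pairing inversion, and G2 has to be sized for that. Verification is by recomputation, so the server must hold H for each user; the example consumes each session on first use so that a captured Q1 or Q2 cannot be replayed against the same token.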

FIG. 3 provides a block diagram 300 of the system used for implementing an example of the invention.

The block diagram 300 shows a client 301 and a server 302, which include components for performing the various procedures of the instant invention. The client 301 has an Apps Login page 3011, where a user provides his credentials, i.e. username and password. The block diagram also shows component 3012 comprising the DLL file installed at the client by the server 302. The DLL file has the functions stored to generate the OTPs Q1 and Q2. In an example, such functions include a discrete exponential function and a bilinear mapping respectively.

The server 302 has components 3021 and 3022 to generate the required parameters. 3021 is a bilinear group generator, which generates the cyclic groups G1 and G2, of a predefined order. These are transmitted to the client. 3022 is a token generator that generates the token (s) for each session. The token is also transmitted to the client. The server also has a copy of these parameters. Since the token (s) is different for each session, Q1 and Q2 are also different.

The user password had been previously stored at the server database (3023) when it was created by the user. The server also generates a number N such that N is an element of the cyclic group G1, and sends it to the client. The server retrieves the user password and the token for the particular session, and uses the parameters (G1, G2, N and s) to generate the OTPs Q1 and Q2 as explained earlier. The functions for generating these OTPs are available to the server.

FIG. 4 is a system illustrating a generalized computer network arrangement, in one embodiment of the present technique.

Exemplary Computing Environment

One or more of the above-described techniques can be implemented in or involve one or more computer systems. FIG. 4 illustrates a generalized example of a computing environment 400. The computing environment 400 is not intended to suggest any limitation as to scope of use or functionality of described embodiments.

With reference to FIG. 4, the computing environment 400 includes at least one processing unit 310 and memory 320. In FIG. 4, this most basic configuration 330 is included within a dashed line. The processing unit 310 executes computer-executable instructions and may be a real or a virtual processor. In a multi-processing system, multiple processing units execute computer-executable instructions to increase processing power. The memory 320 may be volatile memory (e.g., registers, cache, RAM), non-volatile memory (e.g., ROM, EEPROM, flash memory, etc.), or some combination of the two. In some embodiments, the memory 320 stores software 380 implementing described techniques.

A computing environment may have additional features. For example, the computing environment 400 includes storage 340, one or more input devices 350, one or more output devices 360, and one or more communication connections 370. An interconnection mechanism (not shown) such as a bus, controller, or network interconnects the components of the computing environment 400. Typically, operating system software (not shown) provides an operating environment for other software executing in the computing environment 400, and coordinates activities of the components of the computing environment 400.

The storage 340 may be removable or non-removable, and includes magnetic disks, magnetic tapes or cassettes, CD-ROMs, CD-RWs, DVDs, or any other medium which can be used to store information and which can be accessed within the computing environment 400. In some embodiments, the storage 340 stores instructions for the software 380.

The input device(s) 350 may be a touch input device such as a keyboard, mouse, pen, trackball, touch screen, or game controller, a voice input device, a scanning device, a digital camera, or another device that provides input to the computing environment 400. The output device(s) 360 may be a display, printer, speaker, or another device that provides output from the computing environment 400.

The communication connection(s) 370 enable communication over a communication medium to another computing entity. The communication medium conveys information such as computer-executable instructions, audio or video information, or other data in a modulated data signal. A modulated data signal is a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media include wired or wireless techniques implemented with an electrical, optical, RF, infrared, acoustic, or other carrier.

Implementations can be described in the general context of computer-readable media. Computer-readable media are any available media that can be accessed within a computing environment. By way of example, and not limitation, within the computing environment 400, computer-readable media include memory 320, storage 340, communication media, and combinations of any of the above.

While the foregoing has described certain embodiments and the best mode of practicing the invention, it is understood that various implementations, modifications and examples of the subject matter disclosed herein may be made. It is intended by the following claims to cover the various implementations, modifications, and variations that may fall within the scope of the subject matter described.

What is claimed is:
 1. A method for generating a one time password (OTP), the method comprising: installing a DLL file at a client from the server; capturing user credentials at the client, wherein the user credentials comprise a user name and a password (P); receiving a token (s) for one session, and a plurality of parameters from the server; generating a first OTP (Q1) using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 2. The method as claimed in claim 1, wherein the token (s) is generated by the server for a user session.
 3. The method as claimed in claim 1, wherein the plurality of parameters comprises a first and a second cyclic group (G1 and G2) of elements, said first and second groups being of a predefined order (n).
 4. The method as claimed in claim 3, wherein the first OTP (Q1) is generated using a predefined function, Q1 = sH, the token (s) and Q1 being elements of the first group (G1), and generating H from Q1 being a discrete log problem.
 5. The method as claimed in claim 3, wherein the second OTP (Q2) is generated using a bilinear mapping (ê), the element (N) being an element of the first group G1, and the second OTP (Q2) being an element of the second group (G2), Q2 = ê(Q1, N), Q2 ∈ G2, N ∈ G1.
 6. A method for generating a One Time Password (OTP) in a handheld device, the method comprising: installing a client application at a client handheld device; capturing user credentials at the client handheld device, wherein the user credentials comprise a user name and a password (P); receiving a token (s) for one session, and a plurality of parameters from a server; generating a first OTP (Q1) using the installed client application, the client application using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed client application, the client application using the first OTP and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 7. The method as claimed in claim 6, wherein the token (s) is generated by the server for a user session.
 8. The method as claimed in claim 6, wherein the plurality of parameters comprises a first and a second cyclic group (G1 and G2) of elements, said first and second groups being of a predefined order (n).
 9. The method as claimed in claim 8, wherein the first OTP (Q1) is generated using a predefined function Q1 = sH, the token (s) and Q1 being elements of the first group (G1), and generating H from Q1 being a discrete log problem.
 10. The method as claimed in claim 8, wherein the second OTP (Q2) is generated using a bilinear mapping (ê), the element (N) being an element of the first group G1, and the second OTP (Q2) being an element of the second group (G2), Q2 = ê(Q1, N), Q2 ∈ G2, N ∈ G1.
 11. A method for generating a One Time Password (OTP), the method comprising: generating a first and a second cyclic group (G1, G2) of elements at a server, the first and second group being of a predefined order; capturing user credentials, wherein the user credentials comprise a user name and a password (P); receiving a token (s) for one session, and the first and second group (G1 and G2) of elements from the server; selecting a predetermined function for generating a first OTP (Q1) from the token (s) and a hash value (H) of the password, Q1 = sH, the first OTP (Q1) and the token (s) being elements of the first group (G1) and generating H from Q1 being a discrete log problem; selecting a bilinear mapping (ê) for generating a second OTP (Q2) using the first OTP (Q1) and an element (N) of G1, Q2 = ê(Q1, N), Q2 ∈ G2, N ∈ G1, the second OTP being an element of the second group (G2); wherein one of the first OTP and the second OTP is used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 12. The method as claimed in claim 11, wherein a DLL file is installed at the client machine to generate the first and the second OTP.
 13. The method as claimed in claim 11, wherein a client application is installed at a client handheld device to generate the first and the second OTP.
 14. A One Time Password (OTP) generation apparatus, the apparatus comprising: one or more processors; a memory coupled to the one or more processors which are configured to execute programmed instructions stored in the memory comprising: installing a DLL file at a client from the server; capturing user credentials at the client, wherein the user credentials comprise a user name and a password (P); receiving a token (s) and a plurality of parameters from the server; generating a first OTP (Q1) using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 15. The apparatus as claimed in claim 14, wherein the token (s) is generated by the server for a user session.
 16. The apparatus as claimed in claim 14, wherein the plurality of parameters comprises a first and a second cyclic group (G1 and G2) of elements, said first and second groups being of a predefined order (n).
 17. The apparatus as claimed in claim 16, wherein the one or more processors are further configured to execute programmed instructions stored in the memory for the generating of the first OTP, further comprising generating the first OTP (Q1) using a predefined function Q1 = sH, the token (s) and Q1 being elements of the first group (G1), and generating H from Q1 being a discrete log problem.
 18. The apparatus as claimed in claim 16, wherein the one or more processors are further configured to execute programmed instructions stored in the memory for the generating of the second OTP, further comprising generating the second OTP (Q2) using a bilinear mapping (ê), the element (N) being an element of the first group G1, and the second OTP (Q2) being an element of the second group (G2), Q2 = ê(Q1, N), Q2 ∈ G2, N ∈ G1.
 19. A One Time Password (OTP) generation apparatus, the apparatus comprising: one or more processors; a memory coupled to the one or more processors which are configured to execute programmed instructions stored in the memory comprising: installing a client application at a client handheld device; capturing user credentials at the client handheld device, wherein the user credentials comprise a user name and a password (P); receiving a token (s) and a plurality of parameters from a server; generating a first OTP (Q1) using the installed client application, the client application using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed client application, the client application using the first OTP and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 20. A non-transitory computer readable medium having stored thereon instructions for generating a One Time Password (OTP) comprising machine executable code which, when executed by at least one processor, causes the processor to perform steps comprising: installing a DLL file at a client from the server; capturing user credentials at the client, wherein the user credentials comprise a user name and a password (P); receiving a token (s) and a plurality of parameters from the server; generating a first OTP (Q1) using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.
 21. A non-transitory computer readable medium having stored thereon instructions for generating a One Time Password (OTP) comprising machine executable code which, when executed by at least one processor, causes the processor to perform steps comprising: installing a client application at a client handheld device; capturing user credentials at the client machine, wherein the user credentials comprise a user name and a password (P); receiving a token (s) and a plurality of parameters from the server; generating a first OTP (Q1) using the installed DLL file, the DLL file using the token (s) and a hash value (H) of the password; and generating a second OTP (Q2) using the installed DLL file, the DLL file using the first OTP (Q1) and an element (N) of one of the plurality of parameters; one of the first OTP and the second OTP being used for user authentication, the second OTP not being generated when the first OTP is used for user authentication.